Google Git
Sign in
boringssl / boringssl / a3aeea7c775d1859139394b57a105063351f0f5d^! / .
commita3aeea7c775d1859139394b57a105063351f0f5d[log] [tgz]
authorDavid Benjamin <davidben@google.com>Thu Feb 25 17:55:42 2021 -0500
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Fri Feb 26 20:49:27 2021 +0000
tree5f4cbbc08a22f645e631a1a4e6d7bc50e30840a2
parentf69624a16ab090da2a3ec6456ddadc3486fdfd8b [diff]
Remove block_mask from EVP_CIPHER_CTX.

This may as well be computed from block_size. This reduces the
per-EVP_CIPHER_CTX memory usage slightly.

Update-Note: It doesn't look like anyone is reading into this field. If
they are, we can ideally fix it, or revert this if absolutely necessary.

Change-Id: Ieef9177bed1671efca23d4f94d3d528f82568fc6
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45884
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/crypto/fipsmodule/cipher/cipher.c b/crypto/fipsmodule/cipher/cipher.c
index 1522379..51c96b4 100644
--- a/crypto/fipsmodule/cipher/cipher.c
+++ b/crypto/fipsmodule/cipher/cipher.c

@@ -225,7 +225,6 @@
 
   ctx->buf_len = 0;
   ctx->final_used = 0;
-  ctx->block_mask = ctx->cipher->block_size - 1;
   return 1;
 }
 
@@ -239,6 +238,15 @@
   return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
 }
 
+// block_remainder returns the number of bytes to remove from |len| to get a
+// multiple of |ctx|'s block size.
+static int block_remainder(const EVP_CIPHER_CTX *ctx, int len) {
+  // |block_size| must be a power of two.
+  assert(ctx->cipher->block_size != 0);
+  assert((ctx->cipher->block_size & (ctx->cipher->block_size - 1)) == 0);
+  return len & (ctx->cipher->block_size - 1);
+}
+
 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, uint8_t *out, int *out_len,
                       const uint8_t *in, int in_len) {
   // Ciphers that use blocks may write up to |bl| extra bytes. Ensure the output
@@ -264,7 +272,7 @@
     return in_len == 0;
   }
 
-  if (ctx->buf_len == 0 && (in_len & ctx->block_mask) == 0) {
+  if (ctx->buf_len == 0 && block_remainder(ctx, in_len) == 0) {
     if (ctx->cipher->cipher(ctx, out, in, in_len)) {
       *out_len = in_len;
       return 1;
@@ -297,7 +305,7 @@
     *out_len = 0;
   }
 
-  i = in_len & ctx->block_mask;
+  i = block_remainder(ctx, in_len);
   in_len -= i;
   if (in_len > 0) {
     if (!ctx->cipher->cipher(ctx, out, in, in_len)) {

diff --git a/include/openssl/cipher.h b/include/openssl/cipher.h
index 3feadea..badd496 100644
--- a/include/openssl/cipher.h
+++ b/include/openssl/cipher.h

@@ -556,14 +556,6 @@
   // final_used is non-zero if the |final| buffer contains plaintext.
   int final_used;
 
-  // block_mask contains |cipher->block_size| minus one. (The block size
-  // assumed to be a power of two.)
-  //
-  // TODO(davidben): This is redundant with |cipher->block_size| and constant
-  // for the whole |EVP_CIPHER|. Move it there, or possibly even remove it and
-  // do the subtraction on demand.
-  int block_mask;
-
   uint8_t final[EVP_MAX_BLOCK_LENGTH];  // possible final block
 } /* EVP_CIPHER_CTX */;